<?
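	/**
	 * Admin controller for the mail alias table: lists all aliases and handles the
	 * new / edit / delete actions selected through $_GET['run'] and $_GET['was'].
	 *
	 * NOTE(review): "delete" is reachable through a plain GET link and neither form
	 * carries an anti-CSRF token; no token or permission check is visible in this
	 * class, so confirm that the including page enforces both.
	 * NOTE(review): ext/mysql (mysql_*) no longer exists as of PHP 7.0. Moving to
	 * mysqli/PDO prepared statements means changing what getDB() returns, which is
	 * outside this class, so the queries below stay on the link they are given.
	 */
	class alias
	{
		/** MySQL link obtained from the session-wide portiqus object. */
		private $db_link;

		public function __construct()
		{
			$this->db_link = $_SESSION['portiqus']->getDB();
		}

		/**
		 * Dispatches the request: no "run" parameter shows the list, otherwise
		 * "edit", "delete" or "new" is handled; any other value produces no output.
		 */
		public function Run()
		{
			// Read each parameter once and tolerate its absence instead of raising a notice.
			$action = isset($_GET['run']) ? $_GET['run'] : null;
			$id_alias = isset($_GET['was']) ? $_GET['was'] : null;

			if ($action === null)
			{
				$this->_displayAll();
				return;
			}

			switch ($action)
			{
				case "edit":
					if ($id_alias === null)
					{
						break;
					}
					if ($this->_aliasFormSubmitted())
					{
						$this->_doUpdateUser($id_alias, $this->_post('alias_from'), $this->_post('alias_from_domain'), $this->_post('alias_to'), $this->_post('alias_to_remote'));
					}
					else
					{
						$this->_doEditUser($id_alias);
					}
					break;
				case "delete":
					if ($id_alias !== null)
					{
						$this->_doDeleteAt($id_alias);
					}
					break;
				case "new":
					if ($this->_aliasFormSubmitted())
					{
						$this->_doInsertUser($this->_post('alias_from'), $this->_post('alias_from_domain'), $this->_post('alias_to'), $this->_post('alias_to_remote'));
					}
					else
					{
						$this->_doAddNew();
					}
					break;
				default:
					break;
			}
		}

		/**
		 * Deletes one alias row and shows the list again.
		 *
		 * @param mixed $id_alias alias id as received from the request
		 */
		public function _doDeleteAt($id_alias)
		{
			if (!$this->_isValidId($id_alias))
			{
				print "Achtung SQL-Injection: Bitte lass das!";
				exit;
			}

			// The id is validated as digits only; the cast keeps the query numeric regardless.
			$this->_query("DELETE FROM alias WHERE id_alias='" . (int) $id_alias . "';");
			$this->_displayAll();
		}

		/**
		 * Inserts a new alias and shows the list again.
		 *
		 * NOTE(review): only the local part is pattern-checked. The domain and the
		 * destination are SQL-escaped but not checked against the domain/user tables
		 * or an address pattern, so arbitrary text can be stored in both columns.
		 *
		 * @param string $alias_from        local part of the source address
		 * @param string $alias_from_domain domain chosen in the drop-down
		 * @param string $alias_to          local user chosen in the drop-down
		 * @param string $alias_to_remote   free-text forwarding address, may be empty
		 */
		public function _doInsertUser($alias_from, $alias_from_domain, $alias_to, $alias_to_remote)
		{
			if (!$this->_isValidLocalPart($alias_from))
			{
				print "Achtung SQL-Injection: Bitte lass das!<br />";
				exit;
			}

			$sql_alias_from = $alias_from . "@" . $alias_from_domain;
			$sql_alias_to = $this->_pickDestination($alias_to, $alias_to_remote);

			$this->_query("INSERT INTO alias (alias_from, alias_to) VALUES (" . $this->_sqlQuote($sql_alias_from) . ", " . $this->_sqlQuote($sql_alias_to) . ");");
			$this->_displayAll();
		}

		/**
		 * Updates an existing alias and shows the list again. Parameters are the
		 * same as for _doInsertUser(), preceded by the id of the row to change.
		 */
		public function _doUpdateUser($id_alias, $alias_from, $alias_from_domain, $alias_to, $alias_to_remote)
		{
			if (!$this->_isValidId($id_alias) || !$this->_isValidLocalPart($alias_from))
			{
				print "Achtung SQL-Injection: Bitte lass das!";
				exit;
			}

			$sql_alias_from = $alias_from . "@" . $alias_from_domain;
			$sql_alias_to = $this->_pickDestination($alias_to, $alias_to_remote);

			$this->_query("UPDATE alias SET alias_from=" . $this->_sqlQuote($sql_alias_from) . ", alias_to=" . $this->_sqlQuote($sql_alias_to) . " WHERE id_alias='" . (int) $id_alias . "';");
			$this->_displayAll();
		}

		/**
		 * Prints the table of all aliases with edit/delete links, followed by the
		 * list of available actions.
		 */
		public function _displayAll()
		{
			$result = $this->_query("SELECT id_alias, alias_from, alias_to FROM alias ORDER BY id_alias");

			?>
				<div id="inhalt">
					<table border="0" cellpadding="0" cellspacing="0">
						<tr align=left><th width=50>id</th><th width=250>Von</th><th width=250>Nach</th></tr>
					<?php
						while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
						{
							// Stored values originate from request input, so every cell is HTML-escaped.
							$id = $this->_esc($line['id_alias']);

							print "<tr height=15>";

							print "\t\t<td align=left>" . $id . "</td>\n";
							print "\t\t<td align=left>" . $this->_esc($line['alias_from']) . "</td>\n";
							print "\t\t<td align=left>" . $this->_esc($line['alias_to']) . "</td>\n";

							print '<td><a href="?action=alias&run=edit&was=' . $id . '">edit</a> <a href="?action=alias&run=delete&was=' . $id . '">delete</a></td></tr>';
						}

						mysql_free_result($result);
					?>
					</table>
				</div>
				Verf&uuml;gbare Aktionen:<br>
				&nbsp;<a href="?action=alias&run=new">einen neue Alias anlegen</a><br>
				oder<br>
				&nbsp;einen vorhandenen Alias editieren:<br><br>
			<?php
		}

		/**
		 * Shows the empty form for creating an alias.
		 */
		public function _doAddNew()
		{
			$result_user = $this->_query("SELECT login FROM user;");
			$result_domains = $this->_query("SELECT domain_name FROM domain;");

			$this->_renderAliasForm("", null, null, "", $result_domains, $result_user);
		}

		/**
		 * Shows the form pre-filled with an existing alias. Falls back to the list
		 * when no row with the given id exists.
		 *
		 * @param mixed $id_alias alias id as received from the request
		 */
		public function _doEditUser($id_alias)
		{
			if (!$this->_isValidId($id_alias))
			{
				print "Achtung SQL-Injection: Bitte lass das!";
				exit;
			}

			$result = $this->_query("SELECT id_alias, alias_from, alias_to FROM alias WHERE id_alias='" . (int) $id_alias . "';");
			$line = mysql_fetch_array($result, MYSQL_ASSOC);
			mysql_free_result($result);

			if (!$line)
			{
				// Unknown id: there is nothing to pre-fill, so show the list instead of an empty form.
				$this->_displayAll();
				return;
			}

			$alias_from = (string) $line['alias_from'];
			$alias_to = (string) $line['alias_to'];

			// Split "user@domain"; a stored value without '@' is treated as a bare local part.
			$at = strpos($alias_from, '@');
			if ($at === false)
			{
				$von_user = $alias_from;
				$von_domain = "";
			}
			else
			{
				$von_user = substr($alias_from, 0, $at);
				$von_domain = (string) substr($alias_from, $at + 1);
			}

			// A destination containing '@' is a forwarding address, anything else a local login.
			// Compared against false so that an '@' at position 0 is recognised as well.
			$an_user = (strpos($alias_to, '@') !== false) ? $alias_to : "";

			$result_user = $this->_query("SELECT login FROM user;");
			$result_domains = $this->_query("SELECT domain_name FROM domain;");

			// NOTE(review): this prints the domain in front of the form and looks like
			// leftover debug output; kept (HTML-escaped) until that is confirmed.
			print $this->_esc($von_domain);

			$this->_renderAliasForm($von_user, $von_domain, ($an_user === "") ? $alias_to : null, $an_user, $result_domains, $result_user);
		}

		/**
		 * Prints the alias form shared by the "new" and "edit" views and frees both
		 * result sets once their options have been printed.
		 *
		 * @param string      $from_user      value for the local-part text field
		 * @param string|null $from_domain    domain to preselect, null for none
		 * @param string|null $local_target   login to preselect, null for none
		 * @param string      $remote_target  value for the forwarding text field
		 * @param resource    $result_domains result set with a domain_name column
		 * @param resource    $result_user    result set with a login column
		 */
		private function _renderAliasForm($from_user, $from_domain, $local_target, $remote_target, $result_domains, $result_user)
		{
			?>
			<div id="inhalt">
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			<br><br>
				<form method="POST" action="" name="neuer_account">
					<table border="0" cellspacing="3" cellpadding="0" width="550">
						<tr><td>Von</td><td align="right"><input type="text" name="alias_from" value="<?php print $this->_esc($from_user); ?>" size="50" maxlength="150"></td>
						<td align=right>
							<select name="alias_from_domain" size="1">
							<?php
								$this->_printOptions($result_domains, 'domain_name', $from_domain);
							?>
							</select>
						</td>
						</tr>
						<tr><td>Nach</td><td align="right">
							<select name="alias_to" size="1">
							<?php
								$this->_printOptions($result_user, 'login', $local_target);
							?>
							</select>
							</td><td align=right>(lokale Benutzer)</td></tr>
						<tr><td></td><td align="right"><input type="text" name="alias_to_remote" value="<?php print $this->_esc($remote_target); ?>" size="50" maxlength="150"></td><td align=right>(Weiterleitung)</td></tr>
						<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Erstellen"></td></tr>
					</table>
				</form>
			</div>
			<?php
		}

		/**
		 * Prints one <option> per row of $result, marks the row whose $column value
		 * equals $selected, then frees the result set.
		 */
		private function _printOptions($result, $column, $selected)
		{
			while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
			{
				$marker = ($selected !== null && $row[$column] === $selected) ? " selected" : "";
				print "<option" . $marker . ">" . $this->_esc($row[$column]) . "</option>";
			}

			mysql_free_result($result);
		}

		/**
		 * True when the alias form was posted with a non-empty local part.
		 */
		private function _aliasFormSubmitted()
		{
			return isset($_POST['alias_from'], $_POST['alias_from_domain'])
				&& (isset($_POST['alias_to']) || isset($_POST['alias_to_remote']))
				&& $_POST['alias_from'] != "";
		}

		/**
		 * Returns a posted field as a string; missing or non-string (array) input yields "".
		 */
		private function _post($key)
		{
			return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
		}

		/**
		 * The free-text forwarding address wins; when it is empty the local user
		 * chosen in the drop-down is used.
		 */
		private function _pickDestination($alias_to, $alias_to_remote)
		{
			return ($alias_to_remote == "") ? $alias_to : $alias_to_remote;
		}

		/**
		 * Accepts ids of one or two digits. \z is used instead of $ because $ also
		 * matches in front of a trailing newline.
		 *
		 * NOTE(review): the two-digit limit means rows with an id above 99 can be
		 * neither edited nor deleted - confirm that this is intended.
		 */
		private function _isValidId($id_alias)
		{
			return is_scalar($id_alias) && preg_match('/^[0-9]{1,2}\z/', (string) $id_alias) === 1;
		}

		/**
		 * Accepts a local part made of letters, digits, dots and hyphens, anchored
		 * with \z so that a trailing newline is rejected.
		 */
		private function _isValidLocalPart($alias_from)
		{
			return is_scalar($alias_from) && preg_match('/^[0-9a-zA-Z.\-]+\z/', (string) $alias_from) === 1;
		}

		/**
		 * Returns $value as a quoted SQL string literal, escaped with the
		 * connection-aware mysql_real_escape_string() rather than the deprecated,
		 * charset-unaware mysql_escape_string().
		 */
		private function _sqlQuote($value)
		{
			return "'" . mysql_real_escape_string((string) $value, $this->db_link) . "'";
		}

		/**
		 * Runs a query and aborts the request on failure. The driver error goes to
		 * the server log only, so table and column names are not shown to the client.
		 */
		private function _query($query)
		{
			$result = mysql_query($query, $this->db_link);
			if (!$result)
			{
				error_log("alias: query failed: " . mysql_error($this->db_link));
				die("Anfrage fehlgeschlagen");
			}

			return $result;
		}

		/**
		 * Escapes a value for HTML element and attribute context.
		 *
		 * NOTE(review): the page charset is not visible here, so the PHP default is
		 * used; where available, ENT_SUBSTITUTE keeps a value with invalid bytes
		 * from collapsing to an empty string.
		 */
		private function _esc($value)
		{
			$flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

			return htmlspecialchars((string) $value, $flags);
		}
	}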
?>
